Wednesday, July 9, 2008

July 8: Microsoft Security Update Gets an F

F is short for Fail, and Microsoft got a failing grade from me on its latest security update for Windows XP (KB951748). Upon installation, tens of thousands of users lost Internet connectivity.

Security Update for Windows XP (KB951748) addresses a serious problem and it should be installed. Unfortunately, this update does not work well with Check Point's ZoneAlarm, a widely used software firewall.

Microsoft's grade was based solely on its failure to test or detect compatibility problems with ZoneAlarm.

Internet Connectivity Shut OffOnce the update was installed, ZoneAlarm detected suspicious activity in the Windows XP kernel and disabled network traffic. It did what it was designed to do.

The Blame BeginsZoneAlarm is made to block suspect intrusions and extrusions. Many people are blaming ZoneAlarm for the problem, but I do not think it is their fault. Firewalls are under frequent attack, and ingenious ways of selectively allowing or blocking network traffic enables ZoneAlarm to be effective.

Unless Check Point had prior access to the update, the blame rests with Microsoft. Microsoft needed to test their update on computers with ZoneAlarm installed. If they discovered an incompatibility, they should have contacted Check Point to work out a temporary or permanent solution.

Microsoft knows that hundreds of thousands of its users also use ZoneAlarm: Check Point does not know what is in the security update and how it was implemented.

I lost over two hours trying to diagnose and fix the problem. This could have been avoided easily.

Initially, Check Point recommended uninstalling the new security update. That is bad advice because the security update is needed. The alternative is uninstalling or weakening ZoneAlarm, but that might be worse than removing the update.

Newly-patched ZoneAlarm Versions are AvailableTo enable Internet access with Microsoft's security update; Check Point patched its ZoneAlarm product line. If users can get online, new versions (as of July 9, 2008) are available for the following products:

Monday, July 7, 2008

SP3 to Automatic Updates on July 10

The time has come. On July 10, 2008, at 10:00 AM PST, Microsoft will begin to "push" distribution of Windows XP Service Pack 3 via "Automatic Updates".

This is not the first service pack to be distributed, but it is still a risky move. If there are problems with updates to the millions of Windows XP computers, Microsoft will get the brunt of the harsh criticism, both deserved and undeserved.

For computer users who follow Microsoft's advice, Automatic Updates is set to download and install recommended updates as they become available. However, if there is a glitch in the installation process, users could wake up to an unusable computer. That is why I recommend you use Automatic Updates solely to provide a notification of update availability.

At this point, Microsoft knows most of the causes of SP3's installation and compatibility problems. I believe that Automatic Updates will first scan your computer for the known troublemakers, and if detected, will disallow the download/installation.

While I do not know the details of how the update works, I have a serious concern about the reliability of the process. I hope to get answers to questions posed to Microsoft earlier today. Does Automatic Updates have the ability to stay within accepted installation guidelines and to follow Microsoft's pre-installation instructions? These include:

Saturday, July 5, 2008

Windows XP SP3: Is it Needed?

Using Windows is like living in a high-crime neighborhood: You are never safe. SP3 enhances security and installs needed updates.

SP3 provides new features, mainly security enhancements developed for Vista, which may not be available as individual updates for XP.

On a few computers I updated, some previously loaded Critical Updates (to SP2) had not installed themselves fully. Others were never downloaded. SP3 detected these incomplete or missing updates and installed them.

Anyone who installs Service Pack 3 accepts a certain amount of risk (failure to install, loss of data, unanticipated problems due to incompatibilities, waste of time, etc.) However, not installing all of the recommended security enhancements is risky too.

While you will not notice it, SP3 will make your computer more secure. Moreover, any time you can increase the security of your Windows-based computer, you should seriously consider doing it.

PS: Contrary to earlier reports, SP3 will not speed up your computer. There is no noticeable performance change resulting from this update.

Sunday, June 29, 2008

The XP SP3 Installation Green Light

The May 6, 2008 Red Light:A number of seasoned computer experts advised Windows XP users to hold off 1-2 months before installing Service Pack 3.

Did they need a detailed knowledge of SP3 to offer that sound advice? Not really. Based on prior experience with previous updates, it was safe to assume it will take Microsoft approximately 6-8 weeks to discover and fix most of SP3's unexpected installation and compatibility problems.

The Green Light:There's a related Green Light rule of thumb for computer owners to install SP3 with less risk (provided they make the proper preparations). The green light will be given by Microsoft on the day it starts to distribute SP3 via Automatic Updates.

I recommended waiting until the third week in June before installing SP3. Given the experience of thousands of XP computer owners, my "Red Light" rule of thumb was right. Only time will tell if proceeding on my proposed "green light" was a wise decision.

Thursday, June 26, 2008

Downgrading Vista to Windows XP

There is a lot of confusion about the possibilities for downgrading Windows Vista to Windows XP. After June 30, 2008, the leading computer manufacturers (Dell, HP, Lenovo, etc.) will no longer sell desktops and notebooks solely with Windows XP.

Fully supported, factory-installed Windows XP Professional is available as a "Vista downgrade". With your new Vista computer, you receive operating system disks for both Vista and XP Pro, each licensed solely for use on your new computer.

You can transition to Vista at any time. However, before you install your copy of Vista, you will have to backup your data. Vista's installation (or XP's reinstallation) will erase all of your programs, data and customized settings.

Only two editions of Vista come with "downgrade rights":

Vista Business

Vista Ultimate

If you want to downgrade Vista Home Basic or Premium to XP on your new computer, you must first upgrade (at added expense) to Vista Business or Ultimate.

In addition, you can only downgrade Vista to Windows XP Professional. You cannot downgrade Vista to Windows XP Home.

Friday, June 20, 2008

How to Block Windows XP SP3 Installation

Unless you select the proper options, Windows XP's Automatic Updates service will download security updates and install them at a specified time, in the "background", without your involvement.

Within a few months of its May 2008 introduction, SP3 will be distributed via Automatic Updates; so make sure that its settings let you manage what is installed.

I just discovered a tool from Microsoft that prevents installation of service packs obtained with Windows Update.

The tool can delay the installation of Windows XP Service Pack 3 until May 2009. It can also be used with Vista SP1 and future service packs for Windows Server 2003. It only works with Windows Update and cannot stop the installation of service packs from CDs and DVDs.

The Windows Service Pack Blocker Tool Kit can be downloaded from Microsoft's website:

Just in case you are confused about Microsoft's terminology, here are some definitions:

Automatic Updates is an operating system service accessible from your computer's Control Panel. In its most automated mode, it does not require the use of a browser to download and install a Microsoft-recommended update.

Windows Update is an interactive program on Microsoft's website. Windows Update examines your computer and advises you of the updates available for your operating system. You must use Internet Explorer to access Windows Update.

Microsoft Update also requires Internet Explorer and is almost identical to Windows Update. Microsoft Update scans your computer and provides you with a list of updates for Microsoft applications such as MS Office.

Windows XP Service Pack 3 became available from Windows Update on May 6, 2008. On July 10, 2008, Microsoft started SP3's distribution via Automatic Updates.

Sunday, June 1, 2008

Don't Take Advice from Bloggers

If you can get past my attention-grabbing blog post title, you should take my advice and ignore advice from blogs and forums on remedies for advanced technical computer problems.

In the process of researching issues with Windows XP SP3 installation, compatibility and performance, I spoke with a number of industry experts. Their affiliations included Microsoft, Dell Technical Support, and The Geek Squad. I also scanned some industry and technical magazines, forums and blogs.

In many blog comments and forum posts, I was shocked to find high-risk, but authoritatively-stated fixes to Blue Screen of Death and Windows Registry problems. Far too often, those detailed technical recommendations were not checked for typos or were authored by someone unknowingly giving bad advice.

The average non-technical computer user gets flustered when his or her computer has a serious, unexpected malfunction. At that point, they are in the greatest danger of acting on bad advice and making their unfortunate situation worse.

Non-technical computer users should leave the editing of the Windows Registry (and comparable tasks) to a qualified technician. They should not try to make these highly technical changes from recommendations in a forum post or blog comment.

Forums and blogs offer a lot of invaluable information, but in critical situations, only follow their advice when you are sure of every detail.

If your computer problem is related to a Windows XP SP3 installation, contact Microsoft and request their free technical support.

Friday, May 23, 2008

Another Reason to Postpone SP3 Installation

Microsoft should be blamed for many Windows XP SP3 installation issues. However, new problems will be caused by third-party software publishers that did not adequately test their own offerings for SP3 platforms.

Problems occurred with some special versions of Internet Explorer 7. These "private label" IE browsers are often provided to customers by large ISPs such as Comcast.

Antivirus programs and utilities that monitor and halt applications need the most testing. Symantec issued a patch to fix a post-SP3 installation problem that removed entries in the Device Manager, blocked network connectivity and created thousands of unwanted entries in the Windows registry.

By waiting a month (after its initial release) to install SP3, you will be spared the grief caused by ineffective error detection and lax quality assurance practices at independent software providers.

Wednesday, May 21, 2008

Defensive Computing

Michael Horowitz is the author of Defensive Computing, a blog published by CNET. He writes on a broad spectrum of computer-related topics; most include valuable advice on avoiding safety threats and minimizing computer problems.

I find myself agreeing with Michael's recommendations, so I thought it would be helpful to point you to his website.

Saturday, May 17, 2008

Installing Windows XP SP3: My Experience

Immediately after performing an antivirus scan and a full backup, I installed Windows XP SP3 on an old IBM laptop (model A21m, PIII 800MHz, 512 MB RAM). The laptop had the latest operating system critical updates, device drivers, and BIOS firmware.

The SP3 installation on the older laptop took an hour and a half despite a fast broadband connection. (SP3 installation on more powerful computers should take significantly less time.)

I would like to think that my cautious approach improved the chances for a successful installation:

* Never connect to the Internet unless your antivirus program is enabled. Preferably, you should also be protected by a firewall. Conversely, disable your antivirus program and software firewall (after you disconnect the network) during the installation of system upgrades.

I did not encounter problems with the SP3 installation. My computer is running smoothly and possibly a bit faster.

I installed May's Critical Updates on my other computers. However, I will postpone their SP3 installations for one week after Microsoft's June, 2008 upgrades become available.

On the second Tuesday of every month, Microsoft Windows Update provides patches for your operating system and applications. The available downloads typically include:

Patches for newly-found security vulnerabilities

Bug fixes

A malware removal tool

Application upgrades

While the Automatic Updates feature should be turned on, do not let it install anything without your approval. Use the Automatic Updates icon as a notification to launch Windows Update. To have the best control over what is installed; select the Custom update option.

A list of available updates is generated based on a hardware and software scan of your computer. Some of these are critical or high-priority updates, while others are optional or unwanted. I select the appropriate updates, press Install, and hope for the best. (I had serious installation problems roughly once or twice a year).

Tuesday, May 13, 2008

Free Windows XP SP3 Installation Support

Microsoft is offering Windows XP users free and unlimited technical support for Service Pack 3 installation and compatibility issues. Support is accessible via:

E-mail

Individual Chat

Phone (866-234-6020)

This generous free offer is good until April 14, 2009, which happens to be Windows XP's "Mainstream Support Retirement Date".

BTW, there is even better news for those of you who take excellent care of your personal computers. Microsoft will continue supporting Windows XP until April 8, 2014, the "Extended Support Retirement Date".

I recommend that you postpone the installation of SP3 until the third week of June, 2008. This still leaves you ten months of free and unlimited support, just in case you need it...

Monday, May 12, 2008

Two reasons not to install Windows XP SP3

There are two reasons you should not install Windows XP SP3:

Windows XP SP3 is not ready for you

You are not ready for Windows XP SP3

1. Why is Windows XP SP3 not ready for you?

It is admirable for Microsoft to offer an upgrade to a product already replaced by Vista and not sold after June 30, 2008. While this strategy may not be in Microsoft's best interests, I appreciate the company's continuing development of my old proprietary operating system.

It is a cheap shot at Microsoft to say Windows XP SP3 is not ready for installation. Operating systems are incredibly complex, and the installation of a service pack with a large collection of patches and new features will often fail. There is no company in the world that is capable of providing a defect-free operating system upgrade on the scale of Windows XP SP3.

Microsoft released Windows XP Service Pack 3 on May 6, 2008. I recommend waiting until the third week in June before you install it. This will give Microsoft six weeks to detect and fix bugs that affect a significant number of Windows XP SP2-based computers.

I know that millions of less risk-averse and risk-aware computer owners will install SP3 this month with no resulting problems. Perhaps I am just being too cautious...

2. Why are users not ready for Windows XP SP3?

A. They have not made Microsoft's recommended pre-installation preparations.

Unlike many software providers, Microsoft stresses the importance of users taking specific steps and understanding related information prior to installing service packs. This information is contained in the SP3 Release Notes. Unfortunately, most people would rather go to a dentist than read release notes.

The Release Notes recommend several ways to repair the damage resulting from an unsuccessful installation. This includes a full backup of the files on the computer. Despite this sound advice, most users will simply press, "Install" and hope for the best.

B. Your computer and current version of Windows XP SP2 do not work well.

SP3 will not miraculously fix problems with corrupted code, improper OS settings, or intermittently malfunctioning hardware. I would not feel comfortable installing SP3 on a flaky system. Fix these problems before they become masked or further complicated by the upgrade.

After a complete backup, users may consider the preparation for SP3 as an appropriate time to update the BIOS firmware, upgrade the hardware (replace the hard drive, add RAM, etc.), remove accumulated dust, and perform a fresh installation of Windows XP SP2. A small investment in hardware can improve the performance and extend the useful life of your XP-based computer.

C. The user has not confirmed that essential applications will continue to work.

Before installing SP3, I recommend reviewing your list of installed applications and deleting every unused program. During this assessment, list the programs that must be compatible with SP3 and confirm that they will work in their upgraded environment.

Computer upgrades need to be considered on a case-to-case basis. If you are not completely familiar with every phase of a hardware or software upgrade, consult a technical expert who knows your computing requirements and budget.

Disclaimer: I am reasonably pleased with Windows XP (every system has its drawbacks), and for the next 12 months, I have no plans to buy or install Vista. My company's PC hardware should be adequate to meet our computing needs for the next 18 months. By then, we will consider every option including Linux, Vista, and its successor.

New Pages on IAPS.COM

Feeds

IAPS

Founded in 1977, IAPS is a leading international training and consulting firm that designs and presents educational programs for technical professionals and managers. IAPS provides technical experts to assist organizations with assessment, design and implementation of leading edge software for electronic products and complex IT systems. IAPS also provides technical litigation support services on intellectual property matters in addition to technical training support services and education consulting.